Triangulating on a sound with data from thousands of willing opt-in smart phones is possible. Pitch, yaw, acceleration, relative volume compared to those in proximity to normalize. Calculate position from last known good if towers go out.

Mesh grid relative to each other if no service. Share UDP 5353 and change multicast DNS into a “people finder”.

The app, when turned on, would send a cascade of data flowing in with lots of noise. The analysis is the same thing anyone who has done log analysis with an ELK stack is familiar with. Have a buffer of say 10 seconds backwards until triggered.

With a few datasets from simulations (like having 30 people in a room and seeing if the app can figure out who blew the dog whistle).

Sensor based smart phone triangulation is one way we could defend ourselves in an attack on any soft target.

Note: the concept is somewhat related to what we are building at somarobotics.com. However I’m putting it out there because I’d love to see someone build a system to automatically respond and help.
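A sketch of the two mechanics described above, the 10-second look-back buffer and volume normalized across nearby phones, as an added example that is not code from this post or from somarobotics.com. It assumes known phone positions, inverse-square falloff, the same ambient noise level at every phone, and made-up values for sample rate, trigger ratio and the test layout; all names are hypothetical.

```python
import math
from collections import deque
from statistics import median

WINDOW_S = 10        # seconds of history kept before a trigger (from the post)
RATE_HZ = 10         # assumed loudness samples per second
TRIGGER_RATIO = 8.0  # assumed: a sample this many times the baseline is an event


class PreTriggerBuffer:
    """Rolling window of one phone's loudness (intensity) samples."""

    def __init__(self):
        self.samples = deque(maxlen=WINDOW_S * RATE_HZ)

    def push(self, level):
        """Return the event's excess over baseline, or None if no trigger.

        Dividing by the phone's own pre-trigger median cancels its microphone
        gain, so values from different handsets become comparable.
        """
        if len(self.samples) == self.samples.maxlen:
            baseline = median(self.samples)
            if baseline > 0 and level / baseline >= TRIGGER_RATIO:
                return (level - baseline) / baseline  # spike is not stored
        self.samples.append(level)
        return None


def locate(reports, area=(0.0, 0.0, 40.0, 40.0), step=0.25):
    """Grid-search the source position from [((x, y), excess), ...].

    Under inverse-square falloff, excess * distance^2 is the same for every
    phone at the true source, so pick the point with the least spread (in
    log space) of that product.
    """
    if len(reports) < 4:
        raise ValueError("need at least 4 reporting phones for a 2-D fix")
    x0, y0, x1, y1 = area
    logs = [((px, py), math.log(excess)) for (px, py), excess in reports]
    best, best_cost = None, math.inf
    for i in range(int((x1 - x0) / step) + 1):
        for j in range(int((y1 - y0) / step) + 1):
            x, y = x0 + i * step, y0 + j * step
            vals = [le + math.log(max((px - x) ** 2 + (py - y) ** 2, 1e-6))
                    for (px, py), le in logs]
            mean = sum(vals) / len(vals)
            cost = sum((v - mean) ** 2 for v in vals)
            if cost < best_cost:
                best, best_cost = (x, y), cost
    return best


# Constructed test data: phone position (metres) and microphone gain.
PHONES = [((2, 3), 0.5), ((30, 5), 1.0), ((5, 28), 2.0),
          ((25, 25), 0.8), ((18, 12), 1.3)]


def simulate_event(source, power=10000.0, ambient=1.0):
    """Feed every phone 10 s of ambient noise, then one loud event."""
    reports = []
    for (px, py), gain in PHONES:
        buf = PreTriggerBuffer()
        for k in range(WINDOW_S * RATE_HZ):
            buf.push(gain * ambient * (0.9, 1.0, 1.1)[k % 3])  # mild jitter
        d2 = (px - source[0]) ** 2 + (py - source[1]) ** 2
        excess = buf.push(gain * (ambient + power / d2))
        if excess is not None:       # phones that heard nothing stay silent
            reports.append(((px, py), excess))
    return locate(reports)


if __name__ == "__main__":
    print(simulate_event(source=(12.0, 7.0)))
```

Real handsets would add clock skew, muffled microphones and reflections, which is where the noise filtering the post compares to log analysis comes in.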

Nothing can explain away the tragedy that happened last night in Las Vegas. A terrorist act by a cowardly American white male terrorist. And nothing SHOULD explain it away. It’s inexcusable in every way.

A wise person recently told me that “POTUS is not the problem. He is a symptom of the problem.” I believe they make a valid point that we have major issues that have been building for years. And we need to STOP IT.

Now is a time to support the families.

But very shortly, we need to have some serious dialog …. and the burden of finding the right balance of legislation falls 100% on the gun lobby itself.

On a positive note, this is how I think of Las Vegas. Still.

PS: There are no links in this post because there are much smarter people than me working together with the victims right now and I have no desire to distract.

“Here’s the thing: Even if we lived in a color-blind society, that would be a dangerous sentiment. After all, freedom of expression is right there in the First Amendment. And our brave soldiers didn’t fight and die so that everyone stood during the national anthem. They fought so people could have the right to make a choice about whether or not they wanted to stand. That’s the whole damn point of the First Amendment.”

From the second article on the Equifax breach linked above, this portion really galls me:

… not only are none of the last names tied to your Social Security number, but there’s no way to tell if you were really impacted.

It’s clear Equifax’s goal isn’t to protect the consumer or bring them vital information. It’s to get you to sign up for its revenue-generating product TrustID.

Earlier it was revealed executives had sold stock in the company before going public with the leak. We also found TrustID’s Terms of Service to be disturbing. The wording is such that anyone signing up for the product is barred from suing the company after.

The following phrase alone, if true, combined with Equifax literally trying to monetize their security errors, is what gives capitalism a bad name:

The wording is such that anyone signing up for the product is barred from suing the company after.

I have to believe the Equifax PR team is working for PharmaBro or Putin trying to make them look good in comparison.

Note: Equifax has changed the indemnification, but only under duress imho. Furthermore 30 days free credit monitoring by the company that released your data and then you will have to pay monthly still seems wrong. But to be fair, here is their update:

Questions continue to be raised about the arbitration clause and class action waiver language that was originally in the terms of use for the free credit file monitoring and identity theft protection products that we are offering called TrustedID Premier.
(Editor: well ya, duh!?)

We have removed that language from the TrustedID Premier Terms of Use and it will not apply to the free products offered in response to the cybersecurity incident or for claims related to the cybersecurity incident itself. The arbitration language will not apply to any consumer who signed up before the language was removed.
(Editor: but did you fire the person who did it in the first place?)

I get it. Nothing is secure. If the NSA’s hacking tools get stolen and OPM loses all of the data on security clearance checks on our own people, then truly nothing is safe. I get it.

What I do not understand is a company as large as Equifax not being prepared for something like this. That Equifax did not announce it promptly. That Equifax executives sold stock before announcing it. That Equifax then attempted to indemnify themselves. That Equifax is using the crisis to sell a monitoring service that you have to pay for after 30 days. A service to monitor YOUR data that THEY lost control of!

The Internet was not built for e-commerce – it was built for knowledge sharing in a “walled garden”. Therefore keeping sites secure is not possible. Any security professional will tell you best practice is to white-list good guys (selective inclusion) as opposed to trying to find every attack and block it. Therefore the difficulty at a high level is primarily in identifying and blocking bad actors.

I hate to say it folks, but we are playing whack-a-mole with your identity and money. It will always be an uphill battle to maintain security on the Internet and you will never ever be 100% safe.

Property crime has declined significantly over the long term. Like the violent crime rate, the U.S. property crime rate today is far below its peak level. FBI data show that the rate fell 48% between 1993 and 2015, while BJS reports a decline of 69% during that span.

And then there is the disparity created by the advertising supported media that influences our brains. We are gullible.

Public perceptions about crime in the U.S. often don’t align with the data. Opinion surveys regularly find that Americans believe crime is up, even when the data show it is down.

Although it’s not all good.

Many crimes are not reported to police. In its annual survey, BJS asks victims of crime whether or not they reported that crime to police. In 2015, the most recent year available, only about half of the violent crime tracked by BJS (47%) was reported to police.

Bottom line? Stay thirsty for the facts my friends. We can’t always drink the kool aid. Or the same thing. Stay thirsty for knowledge because knowledge is power.

Make no mistake, say “pro business” and then create “market uncertainty” and you get a LOT less job creation. Wall Street Journal last weekend. Data is data. Constrict capital and people like me can’t create jobs even if we want to.

post election drop in cash flow

The headline? It’s incorrect. Ask anyone – what happens when people lose access to capital? #duh

James Comey Testimony on Russian Hacking Includes Acknowledgement of Russians Specifically targeting NGOs and Nonprofits

Growing Tendenci – The Open Source AMS, has been eye opening. I didn’t realize fully why our clients were constantly being attacked. Even behind all of our firewalls, scanners, ACLs, malware, rootkit detection, antivirus, third party scanners, multifactor, use of Honeypots, we don’t store credit cards, and then still even more custom security measures we’ve developed in house.

I mean seriously, it’s not like you’re going to scan a site we host and not have it logged and inspected and blocked aggressively when possible. Nothing is hack proof obviously. But our security practices are FAR beyond the norm.

I didn’t have the luxury of questioning the motive. We do.

When necessary, we have engaged authorities for assistance. So it was interesting to see this from former FBI Director James Comey’s testimony:

COMEY: The first cyber — there was all kinds of cyber intrusions going on all the time. The first Russian-connected cyber intrusion I became aware of in the late summer of 2015.

BURR: And in that time frame, there were more than the DNC and the D triple C that were targets?

COMEY: Correct, a massive effort to target government and nongovernmental, near governmental agencies like nonprofits.

BURR: What would be the estimate of how many entities out there the Russians specifically targeted in that time frame?

COMEY: It’s hundreds. I suppose it could be more than 1,000, but it’s at least hundreds.

Let me repeat that last part for emphasis in case anyone who works with Associations and Non Profits needs some ammo to take back to their board about why they can’t host for $10 a month on a cheap hosting site.

COMEY: The first cyber — there was all kinds of cyber intrusions going on all the time. The first Russian-connected cyber intrusion I became aware of in the late summer of 2015.

COMEY: Correct, a massive effort to target government and nongovernmental, near governmental agencies like nonprofits.

BURR: What would be the estimate of how many entities out there the Russians specifically targeted in that time frame?

COMEY: It’s hundreds. I suppose it could be more than 1,000, but it’s at least hundreds.

Those words should weigh heavily on people in the NPO/NGO sector. It is worthy of mention to everyone using an AMS system. To be secure, you need to be able to inspect your own code if you host with us or somewhere else. Please do so with Tendenci at https://github.com/tendenci/tendenci/ . Security is a process, not a magic pill.

The motives for these attempted hacks are above my pay grade. Just know if you feel you are being targeted, well, it isn’t paranoia if they really are out to get you. And they really are out to get you.

And please don’t click that link in your email. Please. Just don’t do it.

Stay vigilant my friends.

PS – two other facts I can add. I can personally confirm it was in the hundreds just based on our client base. This does NOT mean they breached, but targeted? Yes. And second, by my estimations it started in earnest in 2013, not 2015.

PPS – and now we start the count down before they take my blog offline with DDOS again. Whoever “they” is. All I see is a matrix at this point… and I’m ok with that oddly enough. Because if the Zombie apocalypse is real in downtown SF, then everything else is possible too.

Disclaimer: This post is NOT about the President. Or about former FBI Director Comey’s testimony as it relates to our elected Zombies on both sides who vote party over the people they represent. No, this post is about a small part of Comey’s testimony that relates to Associations and Nonprofits. It applies if they use Tendenci or not. Whatever the motive of the Russian hackers, the fact is that associations and nonprofits are being singled out for attacks. This is a fact of your current reality.

Tricksters have always been with us

Are they tricksters or merely pranksters? That is up to you to discern, but that is the point, right? They stole the sun and the moon while we “took the time to watch the flowers in the garden” while doing yoga.

Hyde gives equal time to the Native American Coyote, the Chinese Monkey King and India’s Krishna. At first glance, these characters are merely pranksters; humorous, sometimes annoying and occasionally dangerous ne’er do wells who disrupt the normal flow of things. As the title of this book suggests, Hyde believes tricksters are much more than this. He makes a convincing case that tricksters are essential in both preserving and transforming societies. Without their disruptions, cultural stagnation would result. He points out that tricksters can either help to maintain the status quo or bring about radical transformation.

To quote two of my favorite tricksters, Pablo Picasso and Duchamp,

Everything you can imagine is real. – Pablo Picasso

Now to quote Duchamp, an artist who “refused to repeat himself”, now that is a challenge. Every quote is subjectively abrogated by another quote from the past or the future like a religious text – was it situationally appropriate? Duchamp stated this himself.

I have forced myself to contradict myself in order to avoid conforming to my own taste. – Marcel Duchamp

As for Duchamp, you can reinvent, but it takes energy to constantly come up with a unique identity. Duchamp still needed a vehicle to wrap the thread around, a thread to follow back out of the woods if he got lost.

To begin to understand Duchamp takes someone way smarter than me. I choose to view his work like the bobbin of time. We are just the blameless victim of observation. Maybe the thread broke, or maybe the thread did not break. At least a cat didn’t die in the discovery process, right? Regardless, like the genius before his time that he was, Duchamp gave us Rrose Sélavy to at least provide one example guide, like the math equations with odd numbers solved in the back of our calculus books, so that we might, oddly enough, solve the evens.

These threads are strings. The strings are wrapped around bobbins of tricks and truth. And these bobbins are not the tiny bobbins that went in your parents’ sewing machines. These strings are the messy bobbins of someone working a weave. The bobbins are large with varied widths and inconsistencies from the vagaries of human behavior and therefore our resulting inconsistent craftsmanship.

Rrose Sélavy, the feminine alter ego created by Marcel Duchamp, is one of the most complex and pervasive pieces in the enigmatic puzzle of the artist’s oeuvre. She first emerged in portraits made by the photographer Man Ray in New York in the early 1920s, when Duchamp and Man Ray were collaborating on a number of conceptual photographic works. Rrose Sélavy lived on as the person to whom Duchamp attributed specific works of art, Readymades, puns, and writings throughout his career.

They. Are. Fucking. With. You.

And the most guilty of all, of fucking with us, is Prince. So let’s go crazy because he already predicted it. Partying like it’s 1999 was stolen from us by a bunch of computer nerds warning about the two-digit date bug. We have NEVER partied like it was 1999.

You know what we can do? We can and should go crazy. If you aren’t already there yet, join us, because we look the same as you, act the same, obey the law and act ethically, but I am told there is an ethos that emerges when you “go crazy”. I don’t know, I’m not there yet, but it is a worthy topic of discussion.

Gmork: Foolish boy. Don’t you know anything about Fantasia? It’s the world of human fantasy. Every part, every creature of it, is a piece of the dreams and hopes of mankind. Therefore, it has no boundaries.

Atreyu: But why is Fantasia dying, then?

Gmork: Because people have begun to lose their hopes and forget their dreams. So the Nothing grows stronger.

Atreyu: What is the Nothing?

Gmork: It’s the emptiness that’s left. It’s like a despair, destroying this world. And I have been trying to help it.

Atreyu: But why?

Gmork: Because people who have no hopes are easy to control; and whoever has the control… has the power

The logos were repeatedly displayed, but only for milliseconds at a time, a span so short that subjects weren’t consciously aware of them. By measuring the brain signals at the precise time the images were displayed, Bonaci’s team was able to glean clues about the player’s thoughts and feelings about the things that were depicted.

Completely possible in the near future. Buy brain branding / influencing malware on the dark web. Coming to an AR game near you.

Or reverse the sensors switch to UP and tiny shocks delivered for negative feedback to images as well.

I don’t view this as science fiction. This will happen unfortunately.

It’s a hack more insidious than the “infect two friends to get your data back.” Speaking of the infect-two-friends malware everyone says “I would never do that!” I point out that it’s really “infect two people you know” malware and not everyone you know is a friend. If a person is broke and they know their ex will open their email, and they can plausibly deny sending it, you know the rest of the story.

Cindi Crigler is one of the most beautiful people I have ever known. Best friend to my wife, our families have been intertwined for 15 to 20 years, we aren’t even sure of the exact date of when we all connected. Cindi loves us so much she adopted our backyard chicken when we were looking for a home! I could go on, and have written three different tributes, and they all digressed into thoughts I can’t publish.

All I can say is that truly amazing people are still out there. They are humble and quiet and strong as hell. Because love conquers all. Cindi personified that. Words from her family are below the images. Please read them.

Cynthia Farlow Crigler
1958-2017

Cynthia Farlow Crigler, 58, passed away peacefully at her home in Houston, surrounded by her loved ones on Tuesday, January 3rd, 2017.

Born in Fort Worth, Texas to Frank and Clare Farlow, Cindi grew up in Houston with her siblings Julie, Allison, and Katherine. Cindi was a carefree spirit and a beautiful light that shone brightly on this earth. Her smile, laughter and gentle soul cannot be erased. Together with Michael Crigler, she had four children and 8 grandchildren. Her beautiful family was her greatest joy and proudest accomplishment. She had a love for all living things and always kept a menagerie of animals. Her life has been a tapestry that she has woven with different fabrics, full of vibrant colors.

She is survived by her parents Frank and Clare Farlow, her step-mother Jan Farlow, and her siblings: Julie Farlow Grote, Allison Farlow Simmons and Katherine Farlow Richardson. She is also survived by her children and grandchildren: Shannon and Mike Taylor and their children Zoe and Chloe; Jamie and Oliver Salgado and their children Vince and Lyla; Casey and Jeffrey Poche and their children Aidyn and Ali; and, Mikey and Taryn Crigler and their children Nate and October. Lastly, a special thanks to her loving partner Stephen Dean and all of her close friends who have supported her throughout her life.

A celebration of life will be held on Saturday, January 7th, 2017. In Lieu of Flowers, donations can be made in her name to TWRC Wildlife Center www.twrcwildlifecenter.org.

Install an SSL certificate on your web site. These can be purchased from a number of sources like GoDaddy; free but short-lived ones are available from Let’s Encrypt. Or you can get really serious about it and work with a security professional like my friend Jason Palmer http://www.jasonpalmer.com/ .

This blog is a WordPress blog written in PHP. And WordPress, when secured properly, is a great platform.

So why did our team choose to rewrite Tendenci Open Source and in the Python Programming language? It is a question I get asked a lot. We’ve never been a company that likes to talk in the negative if at all possible, yet it is important to talk about the megatrends going on given we work with associations and nonprofits.

Popularity of a language is a trend, and what you want is as many developers familiar and liking the language of your open source project as possible. This means you have a better chance to have a secure web site and therefore a more secure future.

To be fair – as Disraeli said – “lies, damn lies and statistics” – so there is no one perfectly secure language any more than there is a perfectly “safe” hammer. There will always be operator error and programmers make mistakes.

So we’re not saying Python is perfect, and all of us have used most of the other languages on those charts at some point. We’re just saying we are pleased so many other programmers also like Python and Open Source. THAT is the best that can be done to secure your future online. Secure code that you can examine yourself and even host yourself!

To the fighters, the warriors, the first responders, the victims of a sucker punch, just know this. They did NOT win. You won. And we respect and thank you for that on the anniversary of 9-11. Grateful we are, and also powerful thanks to you.

“A true veteran might not agree with Colin Kaepernick, but a true veteran would fight to the death to protect his right to say what he believes.
You don’t like what Kaepernick has to say? Then prove him wrong, BE the nation he can respect.

In the course of owning a business you get a lot of phone calls from investors and venture capitalists. It’s a game, but a fair one if played correctly in that whatever your revenue, their criteria is just about twice yours. When we were 1M they were looking for 2M companies. When we were 2M they were looking for 3. When we were over 3 they were looking for 5, etc…. But they knew that when they contacted. So why?

Because knowledge is power. In an industry like membership management software there isn’t much transparency because so many companies are private. So they call. The calls are always polite. It’s important to remember they are frequently just due diligence by the firm as they negotiate to purchase a competitor in your space. Again, there is nothing wrong with this if knowledge is shared both ways.

Business Owner action item: as the business owner it’s up to you to ask the questions as well. Start with the simple stuff like “where do you see the industry going in 5 years?” etc. Trading information can be helpful, for both parties and if you are the smaller fish you better be more nimble anyway

How do most of the calls end? Typically the same and both parties knew it when the call started.

“well let’s stay in touch and touch base in a year.”

If you did your job and asked questions of them as well, then hey, that’s fair. In the VC world the “it’s not you, it’s me” breakup equivalent is “we are looking for someone a bit larger and with higher profits so call back”. But both parties knew that when the call started, it’s just the polite way to end the call. What highly profitable business owner wants to sell? Not many that I know of. It’s an attempt to be polite.

But, sometimes something interesting happens. Specifically I had someone ask me an interesting question recently about a competitor. It was a bit out of the blue which tells me it was on their to do list more than mine. The investor rep asked:

What do you see as company-x’s Achilles Heel besides being on the Microsoft platform?

I have to admit that I wasn’t expecting the question and I prefer to not say bad things about competitors. Usually they are good people trying hard in a competitive environment. We hang out together at NTEN, SXSW and for some of us OSCON. They really are good people. So I didn’t answer the “Achilles Heel” question fully. This is me correcting the record.

Yes, they have a problem. Why? Because in one of my History classes while getting a BS in POLS from Texas A&M University we studied Carnegie Steel. Given I like history, let’s look at it through the lens of “what would Andrew Carnegie do?”

In 1870 Carnegie decided that instead of being a “capitalist” with diversified interests he was going to be a steelman exclusively. Using his own capital, he erected his first blast furnace (to make pig iron) that year and the second in 1872. In 1873 he organized a Bessemer-steel rail company, a limited partnership. Depression had set in and would continue until 1879, but Carnegie persisted, using his own funds and getting local bank help. The first steel furnace at Braddock, Pa., began to roll rails in 1874. Carnegie continued building despite the depression—cutting prices, driving out competitors, shaking off faltering partners, plowing back earnings. In 1878 the company was capitalized at $1.25 million, of which Carnegie’s share was 59 percent; from these policies he never deviated. He took in new partners from his own “young men” (by 1900, he had 40); he never went public, capital being obtained from undivided profits (and in periods of stress, from local banks); and he kept on growing, horizontally and vertically, making heavy steel alone. From 1880 onward, Carnegie dominated the steel industry.

Still with me? Because from that dominance he sat at the top of the food chain. And then inexplicably they poked him. Why? WTF?

Carnegie had thought of selling out and retiring in 1889: his annual income was $2 million, and he wanted to cultivate his hobbies and develop the philanthropic program that was taking shape in his mind. But the threats that now came from the West as well as the East were too much for his fighting spirit and his sense of outrage, and he took the war into the enemy camp.

Sooooo… Carnegie then did NOT retire but rather took the fight to them. He took the fight to them with the advantages and business knowledge of his industry that he possessed. Now back to our story…

He (Carnegie) would not join their pools and cartels; moreover, he would invade their territories by making tubes, wire and nails, and hoop and cotton ties and by expanding his sales activities into the West. He ordered a new tube plant built on Lake Erie at Conneaut, which at the same time would be a great transportation center with harbors for boats to run to Chicago and a railroad to connect with Pittsburgh.

The competition surrendered, but at a much higher price than they would have otherwise.

Thus originated the U.S. Steel Corporation in 1901, through the work of J.P. Morgan. The point was to buy Carnegie off at his own price—as he was the only disturbing factor that held back “orderly markets and stable prices.” The Carnegie Company properties were purchased for almost $500 million (out of the total capitalization of the merger of $1.4 billion); Carnegie’s personal share was $225 million, which he insisted upon having in the corporation’s first-mortgage gold bonds. At last Carnegie was free to pursue his outside interests.

Why, how, could the competition have so badly misjudged things? They missed the megatrends/macroeconomics and underestimated their competitor. Realize one dollar of capital in the hands of experience is far more powerful than ten dollars in the hands of bankers.

It’s quite simple really. Carnegie had lowered his costs and built up his capital to the point that the competitor’s moves were an “event” and his response was simply a “choice”. A freaking choice. If that doesn’t make you nervous then I didn’t explain it well.

From the start Carnegie was willing to pay the price to win. Who knows, maybe he was just bored? Regardless the competition was in over their heads with a combined company run by bankers without the institutional knowledge of a steelman.

The bankers accepted their losses. But their misstep meant they paid a significant price for not researching the market, researching the trends, and especially for not understanding the machine Carnegie had built. It wasn’t just the capital, it was years of best practices developed by Frick and Carnegie that allowed him to win. A business is complex. Business practices are maintained by people, not Visio flowcharts or PowerPoint.

Pick your fights.

Further – the only thing more complex than a business is communities of people like the open source community. You can’t buy them off or learn the social norms in a year or two.

[redacted]

Back to the phone call – in this case, the competitor the investor asked about is one we see occasionally in the sales process. They have some aggressive affiliates but I can’t say I’ve had a bad encounter with their CEO or one of their employees. So yes, I know them. I know how our product is differentiated with greater functionality. (having a better product does help – but they would say the same thing).

SWOT analysis if it got aggressive?

Well I can back into the competitor’s costs using the usual methods like salary survey sites and looking at their network. There are people who will research these things for a very reasonable price. Add to that the fact that they are proprietary AND require two year contracts just makes it easier. You wouldn’t want to sign your nonprofit up with a proprietary solution if you knew there was a better solution that was also open source, right? (data says 90% want to use open source or “roll their own” – NTEN).

Maneuvering around their market positioning would be as strategically challenging as going around the Maginot line. Easy pickings – IF someone wanted a fight.

If this sounds arrogant, it isn’t. It is just me acknowledging how the future would put the very existence of our company in question if we hadn’t changed. I did what any self-aware responsible and knowledgeable CEO would do. We did a pivot. And WordPress and Drupal are great examples to follow.

The bigger question is why other leaders didn’t see open source coming?

Our competitive position – Tendenci has driven our costs down and gone open source in a group of competitors trapped with huge employee expenses, high proprietary licensing costs, shared servers which amplify security risks, and constant turnover in their work force. Meanwhile hack attacks are skyrocketing and insurance and benefit costs climb.

Add to that programming isn’t something you can throw money at – it just takes time and adding more keyboard-monkeys just slows down the innovators.

To the person who asked the question – my answer is this:

Company X’s Achilles heel is they exist at the whim of a better positioned open company with an aggressive strategy. You don’t have to win every prospect, you just have to force the competitor to sell below their cost. And wait.

The rest is details.

Tendenci will continue to rise because it is exactly what nonprofits and government agencies are asking for. Freedom. Respect. Dignity. Openness. Love.

Tools to help the cause first and our company second.

PS – if you are an investor in that company, don’t worry. I have no intention of implementing the above strategy right now as this is a case of “there is no spoon.” What is next is far more interesting to me. There is some amazing stuff on the horizon. I just wanted to come clean on how vulnerable some companies are. And yes, in a SWOT analysis or a prospectus, you should probably cross reference their technology with tech trends. I guess that is a question for the attorneys and IANAL.